Just in case anyone else runs across this thread while Googling in the future: I found that you can indeed create a self-signed SSL certificate for OWA 2007 using subject alternate names that will work.

You can generate your cert request here: https://www.digicert.com/easy-csr/exchange2007.htm

And this page, http://exchangeninjas.com/cascert, walks you through using the three PowerShell commands needed to apply the self-signed certificate.

If you use SANs, you must include the CN (common name) for your site as one of the SANs. This is because apparently using SANs at all causes the certificate to ignore the CN field and match only from the list of SANs.

This does still leave the problem that your users will get a complaint about 'the security certificate was issued by a company you have not chosen to trust.' This is the expected behavior, as a self-signed certificate has of course not been issued by a vendor like GoDaddy, etc. This can be taken care of by the user then adding the certificate to their local trusted root CAs. If you can get a user to understand this, of course. For this reason, as Andy said, it's best to just go with a third party SSL certificate so that your users don't see this and so that everything is clean.

So, self-signed OWA SSL certificates using SANs with Exchange 2007 are possible but not the cleanest of solutions. I would only do this if, for some reason, you cannot get the approval of a third party SSL certificate through the hurdles. Third party is the way to go and will provide the best security as well as the cleanest user experience.

Thanks
Drew
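
The SAN behaviour described in the post above, as an added example that is not part of the original post: a pre-deployment check that flags a certificate whose CN is absent from its SAN list. The hostnames and certificate dicts are constructed, and the matching rule (DNS SANs take precedence, CN is consulted only when no DNS SAN exists) is an assumption modelled on RFC 2818 style validation.

```python
# Constructed sample certificates in the dict shape that
# ssl.SSLSocket.getpeercert() returns; all hostnames are made up.
SUBJECT = ((("commonName", "mail.example.com"),),)
CN_ONLY = {"subject": SUBJECT}
BAD = {"subject": SUBJECT, "subjectAltName": (
    ("DNS", "autodiscover.example.com"), ("DNS", "exch01.example.local"))}
GOOD = {"subject": SUBJECT, "subjectAltName": BAD["subjectAltName"] + (
    ("DNS", "mail.example.com"),)}

def common_name(cert):
    """Return the subject commonName, or None if the subject has none."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None

def dns_sans(cert):
    """Return the dNSName entries of the subjectAltName extension."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """Case-insensitive compare; '*' may only replace the left-most label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def host_matches(cert, host):
    """If any DNS SAN exists, match only against SANs; the CN is ignored."""
    sans = dns_sans(cert)
    names = sans if sans else [n for n in [common_name(cert)] if n]
    return any(name_matches(n, host) for n in names)

def cn_missing_from_sans(cert):
    """True when SANs are present but none of them covers the CN."""
    cn, sans = common_name(cert), dns_sans(cert)
    return bool(cn and sans and not any(name_matches(s, cn) for s in sans))

if __name__ == "__main__":
    for label, cert in (("CN only", CN_ONLY), ("SANs without CN", BAD),
                        ("SANs with CN", GOOD)):
        print(label, host_matches(cert, "mail.example.com"),
              cn_missing_from_sans(cert))
```

Running `cn_missing_from_sans` over the parsed request before it is applied catches the case where users browsing to the CN hostname would get a name-mismatch warning on top of the untrusted-issuer one.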